A number of three files containing highly sensitive information belonging to students and staff members from the University of Tampa (UT) were publicly available for a period of around eight months due to a server management error.

One of the files contained the records of 6,818 students, including IDs, social security numbers, names and birthdates. The other two contained the same information, along with 29,540 faculty, staff and students’ photographs, the data being collected between 2000 and 2011.

As soon as the availability of the files was discovered, the institution’s IT department took the necessary measures to ensure that they would no longer be accessible.

“While there is no evidence of any fraud or other malicious behavior, as an additional precaution UT has decided to pay for each potentially impacted individual to sign up, if they desire, for fraud alert services with a national identity protection service,” reads a report from UT.

“UT is currently working with a third party service, and they will send letters to those individuals potentially impacted by the data exposure.”

It has been determined that the data breach resulted after three temporary files were created to resolve a UT identification card issue that emerged in July 2011, when a new server was set up.

The file that contained the records of nearly 7,000 students was indexed by Google, but the other two may have been found only by someone who knew what to look for.

UT provided the potential victims with information regarding the risks. The institution’s representatives also claimed that after examining the logs associated with the files, they determined that no one had accessed them, besides the individuals who reported the breach.